Security Watch

Keeping track of patches and hacks in the IT security world.

NY Teen Hacks, Infects and Dissects AOL

A New York teenager with a grudge has admitted to hacking AOL, getting into its internal networks and databases, planting a Trojan, and spear phishing 60 accounts out of AOL employees and subcontractors—all because "they took away my accounts and wouldn't give them back."

The Manhattan District Attorney's office has filed charges against 17-year-old Mike Nieves for first-degree computer tampering, second-degree criminal mischief, computer trespass, criminal possession of computer-related material and unauthorized use of a computer. AOL says the trespassing and tinkering have cost the company over $500,000.

Nieves told the Computer Crime Squad that he not only hacked into AOL because they wouldn't give him his accounts back, he also accessed their internal accounts and network and used them to try to get his accounts back. He also confessed to sending an employee a bot. When his DSL was turned off, he turned to dial-up, he said, and also posted some photos to show off his work on PhotoBucket.

Nieves is being charged with hacking into customer billing records, addresses and credit card information between Dec. 24, 2006 and April 7. On Dec. 24 and 26, 2006, he also allegedly infected AOL member service machines in AOL's New Delhi call center with a bot designed to get those machines to send data from inside AOL to Nieves' home computer.

With the information passed on by the zombie machines, Nieves had access to 49 employee accounts. Logged into those accounts, he tried to leverage the account information to get more credentials that would have allowed him to log in to AOL's customer care tool, which contains sensitive customer information, the complaint charges.

In February, Nieves tried spear phishing—phishing attempts tailored to the recipient. His scams were called "You've Got Pictures" and "AOL Beta." The spear phishing netted him access to 60 employee and subcontractor accounts. He carried out the scam using AIM accounts, where his screen names included "virus," "digitsmike," "illwishmike," "viruslegacy," "sckmike," "tritontestmike" and "testaccmike."

AOL nailed him by searching subscriber information attached to the accounts using those screen names. That subscriber information also revealed Nieves' address and telephone number. AOL also checked out the IP addresses associated with Nieves and the AIM screen names, finding that the IP address was assigned to the computer used by Nieves and associated with the AIM accounts.